Yesterday (13th December) Joomla! released a security update. This update fixes a vulnerability that is present in most Joomla! sites, affecting Joomla! 1.6.0 through 3.6.4. Besides this high priority bug, two low priority bugs are fixed as well. Also some security hardening has been done, and some bugs have been fixed with this release. It is recommended to update your…
Less than two days ago a security update for Joomla! was released. This release fixes two major security issues: Inadequate checks allow users to register on a site when registration has been disabled (Report on Joomla.org). Incorrect use of unfiltered data allows users to register on a site with elevated privileges (Report on Joomla.org). If you are using…
WordPress is often used to talk to external gateways or APIs. Especially now, with the rising popularity of the REST API, WordPress is getting more and more ready to talk to the outside world. A fairly common practice is to set sslverify = false when you’re using functions like wp_remote_get() or wp_remote_post(). Even though this was common practice…
Right now a bug in SSL poses a risk for users sending information over a supposedly secure connection. I won’t describe the bug in detail, but the short version is that it allows an attacker to force a site visitor back to the insecure SSL 3.0 protocol. Combine this with a man-in-the-middle attack (MiTM) and you can guess where this is going…
An easy way to tighten security for the login form (wp-login.php) on your site is by restricting access to it. This way people won’t be able to brute-force it, simply because your blog won’t allow access to it. I’ll show you how to set this up, using the IIS rewrite module.
The easiest way to further secure parts of your site is by blocking access to them by default. This way only you can log on to the admin section of your site, which makes your site a little bit more hardened. I will show you how this works.
This snippet shows a nice and easy way to block people from accessing certain elements of your website on IIS. We’ll assume you want to keep access yourself, so we’ll exclude our own IP from this blocking.